This document describes the implementation of a packet sniffer using Python. It explains what packet sniffing is and how it works by capturing network packets and examining the packet headers. It then outlines the steps to create a raw socket in Python and parse the TCP/IP headers to retrieve information from incoming packets like source/destination addresses and ports. The results of the packet sniffer are demonstrated and examples of common uses for network troubleshooting and traffic analysis are provided.
2. What is packet sniffing?
How does it work?
Implementation using python
Result
Uses of packet sniffer
Conclusion
References
CONTENT:
3. Packet sniffing, or packet analysis, is the process of
capturing the data that passes over the local network and
looking for any information that may be useful.
Packet sniffing is a passive technique: no one is actually
attacking your computer or searching through its files.
Most of the time, system administrators use packet sniffers to
troubleshoot network problems.
What is Packet Sniffing?
4. Typically, when people think of network traffic, they think
that it goes directly from their computers to the router or
switch and up to the gateway and then out to the internet,
where it routes similarly until it gets to the specified destination.
This is mostly true except for one fundamental detail. Your
computer isn’t sending data anywhere.
How does it work?
5. Instead, it broadcasts the data in packets that carry the
destination in the header.
Every node on the network receives the packet, determines
whether it is the intended recipient, and then either accepts the
packet or ignores it.
How does it work? (Cont.)
6. Sniffing works in both switched and non-switched networks.
Sniffing methods
IP based sniffing.
MAC based sniffing.
ARP based sniffing.
Sniffing Methods:
7. Sniffer program
Wireshark is a commonly used packet sniffer/protocol
analyzer.
Packet sniffers can be written in Python too, and for this project
we have written a sniffer program in Python on the Linux platform.
Why Linux? Although Python is portable, the program won’t
run and give similar results on Windows.
Implementation Using Python
8. This is due to differences in the implementation of the socket
API.
Our packet sniffer program doesn’t use any extra libraries like
libpcap. Instead, it just uses raw sockets.
Implementation Using Python (Cont.)
9. Create a raw socket.
Receive a packet and get the packet string from the tuple.
From the received packet, parse the TCP/IP header with the
help of the unpack method.
Now parse the TCP/IP packet to retrieve the TCP/IP
header.
Steps of Implementation
10. Now check which internal protocol is used.
If IP, then parse the IP packet to retrieve the IP header.
Then print the version, IP header length, TTL, protocol,
source address and destination address.
If TCP, then parse the TCP packet to retrieve the TCP header.
Then print the source port, destination port, sequence
number, acknowledgement and TCP header length.
Steps of Implementation (Cont.)
11. Creating a raw socket.
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
. socket.AF_INET: Internet Protocol (IPv4)
. socket.AF_INET6: Internet Protocol (IPv6)
. socket.SOCK_STREAM: connection-based stream (TCP)
. socket.SOCK_DGRAM: datagram (UDP)
. socket.IPPROTO_TCP: for TCP
. socket.IPPROTO_IP: for IP
. socket.IPPROTO_UDP: for UDP
Steps of Implementation (Cont.)
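12. Receive a packet and get the packet string from the tuple.
packet = s.recvfrom(65565)  # receive a packet; the argument is the buffer size
packet = packet[0]  # the packet string is the first element of the tuple
ip_ipheader = packet[0:20]  # the first 20 bytes are the fixed IP header
Unpacking the TCP/IP header from received packets.
from struct import unpack
# '!' selects network byte order; B and H are unsigned 8-bit and 16-bit fields
ipheader = unpack('!BBHHHBBH4s4s', ip_ipheader)
struct.unpack(fmt, string): Unpack the string according to the given
format. The result is a tuple even if it contains exactly one item.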
Steps of Implementation (Cont.)
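The steps on slides 9 to 12, carried through on a constructed packet so it runs without root or a raw socket; this is an added example, not the presentation's own program. The function names and the sample addresses (documentation ranges) are assumptions, and it goes slightly beyond the slides by honouring the IP header length field, so the TCP header is located correctly when IP options are present.

```python
import socket
from struct import pack, unpack

def parse_ip_header(packet):
    """Parse the IPv4 header at the start of a raw packet."""
    if len(packet) < 20:
        raise ValueError("truncated IP header")
    f = unpack('!BBHHHBBH4s4s', packet[:20])
    ihl = (f[0] & 0x0F) * 4  # low nibble = header length in 32-bit words
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IP header length")
    return {'version': f[0] >> 4, 'ihl': ihl, 'ttl': f[5], 'protocol': f[6],
            'src': socket.inet_ntoa(f[8]), 'dst': socket.inet_ntoa(f[9])}

def parse_tcp_header(packet, offset):
    """Parse the fixed 20-byte TCP header that starts at offset."""
    if len(packet) < offset + 20:
        raise ValueError("truncated TCP header")
    f = unpack('!HHLLBBHHH', packet[offset:offset + 20])
    return {'src_port': f[0], 'dst_port': f[1], 'seq': f[2], 'ack': f[3],
            'header_len': (f[4] >> 4) * 4}  # high nibble = data offset in words

def parse_packet(packet):
    """Return (ip, tcp); tcp is None when the payload is not TCP."""
    ip = parse_ip_header(packet)
    if ip['protocol'] != socket.IPPROTO_TCP:
        return ip, None
    return ip, parse_tcp_header(packet, ip['ihl'])

# Constructed sample packet: 20-byte IP header followed by a 20-byte TCP header.
SAMPLE = (
    pack('!BBHHHBBH4s4s', 0x45, 0, 40, 0x1C46, 0x4000, 64, 6, 0,
         socket.inet_aton('192.0.2.10'), socket.inet_aton('198.51.100.7'))
    + pack('!HHLLBBHHH', 51514, 80, 1000, 2000, 0x50, 0x10, 65535, 0, 0)
)

if __name__ == '__main__':
    ip, tcp = parse_packet(SAMPLE)
    print(ip)
    print(tcp)
    # Live capture (Linux, root) would feed the same parser:
    # s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP)
    # print(parse_packet(s.recvfrom(65565)[0]))
```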
15. Packet sniffers are used for network troubleshooting by
network administrators.
They are used for analyzing network traffic:
Why is the network slow?
What is the network traffic pattern?
How is the traffic shared between the nodes?
Uses of Packet Sniffer:
16. Capturing clear-text usernames and passwords.
Capturing and replaying VoIP telephone conversations.
Conversion of network traffic into human-readable form.
Uses of Packet Sniffer (Cont.):
17. A packet sniffer might be installed at any point along
the network. It could also be sneakily installed on a server
that acts as a gateway. A packet sniffer is not just a hacker’s
tool. It can be used for network troubleshooting and other
useful purposes.
However, in the wrong hands, a packet sniffer can
capture sensitive personal information that can lead to
invasion of privacy.
Conclusion